Forum Replies Created

Viewing 2 replies - 1 through 2 (of 2 total)
  • Forum: Alpha/Beta/RC
    In reply to: error RSS

    Here’s a PHP script, sorry I didn’t write it but saw it mentioned in another post at some point…

    You can paste that into a file and load it in your browser and make note of what passes and what fails. If you can connect to Google, Facebook, LinkedIn, via SSL, then you know it’s enabled.

    <?php
    function nxs_cURLTest($url, $msg, $testText){
      $ch = curl_init();
      curl_setopt($ch, CURLOPT_URL, $url);
      curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)");
      curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
      curl_setopt($ch, CURLOPT_TIMEOUT, 30);
      curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
      $response = curl_exec($ch);
      $errmsg = curl_error($ch);
      $cInfo = curl_getinfo($ch);
      curl_close($ch);
      echo "Testing ... ".$url." - ".$cInfo['url']."<br />";
      if (stripos($response, $testText)!==false)
        echo "....".$msg." - OK<br />";
      else
      {
        echo "....<b style='color:red;'>".$msg." - Problem</b><br /><pre>";
        print_r($errmsg);
        print_r($cInfo);
        print_r(htmlentities($response));
        echo "</pre>There is a problem with cURL. You need to contact your server admin or hosting provider.";
      }
    }
    
     nxs_cURLTest("https://www.ads-software.com/", "HTTP to WP", "wordpress site");
     nxs_cURLTest("https://api.www.ads-software.com/", "HTTP to WP API", "WP");
     nxs_cURLTest("https://www.ads-software.com/", "HTTP to WP", "wordpress site");
     nxs_cURLTest("https://api.www.ads-software.com/", "HTTP to WP API", "WP");
     nxs_cURLTest("https://www.google.com/intl/en/contact/", "HTTP to Google", "Mountain View, CA");
     nxs_cURLTest("https://www.google.com/intl/en/contact/", "HTTPS to Google", "Mountain View, CA");
     nxs_cURLTest("https://www.facebook.com/", "HTTPS to Facebook", 'id="facebook"');
     nxs_cURLTest("https://www.linkedin.com/", "HTTPS to LinkedIn", 'link rel="canonical" href="https://www.linkedin.com/"');
     nxs_cURLTest("https://twitter.com/", "HTTPS to Twitter", 'link rel="canonical" href="https://twitter.com/"');
     nxs_cURLTest("https://pinterest.com/", "HTTPS to Pinterest", 'content="Pinterest"');
    ?>
    Thread Starter carbide

    (@carbide)

    Not sure whether the server config changed, or someone removed that IP from the blocklist on the wordpress server firewall, but at least now I can connect using:
    openssl s_client -connect api.www.ads-software.com:443

    The wordpress server responds with:

    WARNING: can't open config file: /etc/pki/tls/openssl.cnf
    CONNECTED(00000003)
    depth=2 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
    verify error:num=20:unable to get local issuer certificate
    verify return:0

    Certificate chain
    0 s:/OU=Domain Control Validated/CN=*.www.ads-software.com
    i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=https://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
    1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=https://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
    i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
    2 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
    i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority

    Server certificate
    -----BEGIN CERTIFICATE-----
    {omitted for spacesaving}
    -----END CERTIFICATE-----
    subject=/OU=Domain Control Validated/CN=*.www.ads-software.com
    issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=https://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2

    No client certificate CA names sent
    Server Temp Key: ECDH, prime256v1, 256 bits

    SSL handshake has read 4392 bytes and written 375 bytes

    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
    Protocol : TLSv1.2
    Cipher : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 9BE4C049563AE9287B5D5…
    Session-ID-ctx:
    Master-Key: 94B84E573459252276A47…
    Key-Arg : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 3600 (seconds)
    TLS session ticket:
    {…}
    Start Time: 1419369962
    Timeout : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)

    closed

    I’m no whizz-bang with SSL negotiation, but it appears that I just need the GoDaddy cert downloaded, and the cafile parameter added on the openssl request, and we should be fully up.

    Or is there something else missing?
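
The `Verify return code: 20` in the reply above can be reproduced offline. This is an added example, not part of either forum reply: it builds a constructed throwaway root CA and leaf certificate (all names and paths are assumptions) and shows `openssl verify` reporting error 20 with no trust anchor and 0 once the root is passed with `-CAfile`.

```shell
#!/bin/sh
# Added example. The CA, leaf certificate, names and paths are constructed
# here; they are not the GoDaddy certificates from the post.

# Create a throwaway root CA and a leaf certificate signed by it in dir $1.
make_chain() {
  dir=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Constructed Example Root" \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=leaf.example.test" \
    -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null &&
  openssl x509 -req -days 1 -in "$dir/leaf.csr" \
    -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
    -out "$dir/leaf.pem" 2>/dev/null
}

# Print the verify result for certificate $1: 0 when the chain validates,
# otherwise the first numeric error code. $2 is an optional CA bundle that
# is passed to -CAfile as the trust anchor.
verify_code() {
  if [ -n "${2:-}" ]; then
    out=$(openssl verify -CAfile "$2" "$1" 2>&1) || true
  else
    out=$(openssl verify "$1" 2>&1) || true
  fi
  case $out in
    *": OK"*) echo 0 ;;
    *) printf '%s\n' "$out" |
         sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1 ;;
  esac
}

demo() {
  tmp=$(mktemp -d) || return 1
  make_chain "$tmp" || { rm -rf "$tmp"; return 1; }
  # No trust anchor for the constructed root: same code 20 as in the post.
  echo "without -CAfile: $(verify_code "$tmp/leaf.pem")"
  # Root supplied explicitly: the chain now terminates in a trusted cert.
  echo "with -CAfile:    $(verify_code "$tmp/leaf.pem" "$tmp/ca.pem")"
  rm -rf "$tmp"
}
demo
```

`openssl s_client` accepts the same `-CAfile` option, so the check carries over to the live connection in the post.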
